CARAMEL · Project

AI-Powered Anti-Hacking Protection for Connected and Self-Driving Cars

transportPilotedTRL 7

h2020caramel.eu

Imagine your car is basically a computer on wheels — it talks to other cars, to traffic lights, even to the power grid when charging. Now imagine someone hacking into all of that. CARAMEL built an AI-powered security guard that sits inside the car's network, spots suspicious activity in real time, and blocks attacks before they cause harm. Think of it like antivirus software, but for your vehicle's brain — covering everything from 5G connections to the autopilot to the charging plug on electric cars.

By the numbers

consortium partners across industry, research, and academia

countries represented in the consortium

industry partners involved in development and testing

SMEs participating in the project

77%

industry ratio in the consortium

total deliverables produced

The business problem

What needed solving

Connected and self-driving cars are essentially rolling computers — and every new feature (5G, autopilot, smart EV charging) is another door a hacker can walk through. A successful cyberattack on a vehicle fleet could mean stolen data, stranded vehicles, reputational disaster, or worse — endangering lives. Existing IT security tools were not designed for the unique constraints of automotive systems, leaving car manufacturers and fleet operators dangerously exposed.

The solution

What was built

The project built a working AI-powered Intrusion Detection and Prevention System (IDS/IPS) with a Hardware Security Module (HSM), specifically designed for connected and automated vehicles. It was demonstrated through extensive attack and penetration scenarios covering 5G connectivity, autopilot systems, and EV smart charging — with 15 deliverables including a final demonstrator and a roadmap for commercial evolution.

Audience

Who needs this

Car manufacturers (OEMs) adding connected or autonomous features to their vehiclesTier-1 automotive suppliers building electronic control units and communication modulesEV charging network operators securing vehicle-to-grid communicationsTelecom operators deploying 5G vehicle-to-everything (V2X) servicesFleet management companies operating connected commercial vehicles

Business applications

Who can put this to work

Automotive Manufacturing

enterprise

Target: Car manufacturers and Tier-1 suppliers building connected or autonomous vehicles

If you are a car manufacturer integrating 5G connectivity or autopilot features into your vehicles — this project developed a ready-to-deploy Intrusion Detection and Prevention System (IDS/IPS) with a Hardware Security Module that detects and blocks cyberattacks in real time. The system was validated through extensive attack and penetration scenarios across a 22-partner consortium with 17 industry players. This means you can ship connected cars with built-in cyber protection instead of building it from scratch.

Electric Vehicle Charging Infrastructure

mid-size

Target: EV charging network operators and smart grid companies

If you are an EV charging operator worried about hackers exploiting the communication between vehicles and charging stations — this project specifically addressed smart charging cybersecurity gaps that existing solutions miss. The CARAMEL system protects the data exchange during EV charging sessions, preventing firmware manipulation and unauthorized access. With electric vehicles growing fast, securing the charging ecosystem is no longer optional.

Telecommunications and 5G Infrastructure

enterprise

Target: Telecom operators deploying 5G vehicle-to-everything (V2X) services

If you are a telecom company rolling out 5G services for connected mobility — this project tackled the cybersecurity gaps that 5G introduces to vehicle communications. The AI-based detection system was designed to monitor and protect 5G-connected vehicle networks from intrusion. Tested across 9 countries with real attack scenarios, it gives you a proven security layer to bundle with your V2X connectivity services.

Frequently asked

Quick answers

What would this cost to integrate into our vehicles or infrastructure?

Pricing details are not available in the public project data. The project targeted commercial IDS/IPS products for the European automotive market, so licensing or integration pricing would need to be discussed directly with the consortium partners. Given that 7 SMEs participated, there may be flexible options for different company sizes.

Can this scale to protect an entire vehicle fleet or charging network?

The system was designed with commercial deployment in mind — the project explicitly aimed to reach commercial anti-hacking IDS/IPS products for the European automotive cybersecurity market. With 22 partners including 17 industry players testing across multiple attack scenarios, the architecture was built for real-world scale, not just lab conditions.

Who owns the intellectual property and how can we license it?

IP ownership would be distributed among the 22 consortium partners according to their EU grant agreement. The coordinator FUNDACIO PRIVADA I2CAT in Spain would be the first point of contact for licensing discussions. Given the project's explicit commercial goal of producing anti-hacking products, licensing pathways are likely already defined.

Does this meet automotive cybersecurity regulations like UN R155 or ISO 21434?

The project adopted well-established ICT security methodologies to assess vulnerabilities and cyberattack impacts for connected vehicles. While specific regulatory certifications are not mentioned in the available data, the project's focus on IDS/IPS aligns directly with what UN R155 and ISO/SAE 21434 require from manufacturers. Contact the consortium for current compliance status.

How long would integration take for our existing vehicle platform?

Based on available project data, the system includes a Hardware Security Module (HSM) component and software-based IDS/IPS module. The project ran for nearly 3 years (October 2019 to June 2022) and produced 15 deliverables including final demonstrators. Integration timelines would depend on your specific vehicle architecture and should be discussed with the technical partners.

Was this actually tested against real cyberattacks?

Yes. The project conducted extensive attack and penetration scenarios as documented in their final demonstration deliverable. The evaluation covered scenario-driven attacks through implemented use cases and included an overall assessment of results. The Hardware Security Module was also independently demonstrated and reported on.

What kind of ongoing support or updates would we get?

The project produced a roadmap for future evolution of the CARAMEL achievements as part of their final deliverable. With 17 industry partners in the consortium, several are likely continuing development commercially. Contact the coordinator for information on post-project support arrangements and technology transfer options.

Consortium

Who built it

This is a heavily industry-driven consortium with 17 out of 22 partners (77%) coming from industry, including 7 SMEs — well above average for EU research projects. The 9-country spread across Europe plus South Korea signals both broad market validation and international supply chain relevance. With only 3 universities and 2 research organizations, the balance tilts firmly toward commercial application rather than academic exploration. The coordinator, I2CAT in Spain, is a digital innovation foundation with strong ties to both research and industry. For a business looking to adopt this technology, the high industry ratio means the solutions were designed with real deployment constraints in mind, not just theoretical models.

FUNDACIO PRIVADA I2CAT, INTERNET I INNOVACIO DIGITAL A CATALUNYACoordinator · ES
GREENFLUX ASSETS BVparticipant · NL
ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTEparticipant · KR
CAPGEMINI ENGINEERING DEUTSCHLAND SAS & CO KGparticipant · DE
FICOSA AUTOMOTIVE SLparticipant · ES
ATOS SPAIN SAparticipant · ES
T-SYSTEMS INTERNATIONAL GMBHparticipant · DE
SIDROCO HOLDINGS LIMITEDparticipant · CY
UNIVERSITAT POLITECNICA DE CATALUNYAthirdparty · ES
AVL LIST GMBHparticipant · AT
0 INFINITY LIMITEDparticipant · UK
IDNEO TECHNOLOGIES SAUparticipant · ES
CYBERLENS BVparticipant · NL
EIGHT BELLS LTDparticipant · CY
ATOS IT SOLUTIONS AND SERVICES IBERIA SLparticipant · ES
UNIVERSITY OF CYPRUSparticipant · CY
DEUTSCHE TELEKOM SECURITY GMBHparticipant · DE
PANEPISTIMIO PATRONparticipant · EL
UBIWHERE LDAparticipant · PT
PANASONIC AUTOMOTIVE SYSTEMS EUROPE GMBHparticipant · DE

How to reach the team

FUNDACIO PRIVADA I2CAT, INTERNET I INNOVACIO DIGITAL A CATALUNYA (Spain) — search for CARAMEL project coordinator at I2CAT for direct contact

Order a report on this consortium See FUNDACIO PRIVADA I2CAT, INTERNET I INNOVACIO DIGITAL A CATALUNYA profile →

Next steps

Talk to the team behind this work.

Want an introduction to the CARAMEL team to discuss licensing their IDS/IPS technology for your vehicles or infrastructure? SciTransfer can arrange a direct meeting with the right technical partner.

Order a report on this topic More in Transport & Mobility